TDPGLUX processes three types of calls:
The exit is initialized when an ENABLE LGUX command is executed. During initialization, TDPLGUX obtains a work area, opens files, and so on.
A logon request is passed to the TDPLGUX before the request is allowed to continue.
When a logon request call is made to TDPLGUX, it is processed in the following manner.
1 TDP builds and passes a parameter list to TDPLGUX. This parameter list consists of:
The TDP identifier and separating slash that CLI allows as a prefix to the Logon String, and the ending semicolon character, are removed by CLI, so are not present within the exit.
2 After the user routine processes the parameter data, the exit can:
When TDP has authenticated the Database userid, the Database requires that both the Logical-host on which TDP resides and the Teradata Database userid both have been granted the right to logon “with null password”. This is accomplished for a particular userid by the SQL GRANT LOGON ON <Logical-host id> TO USERID <userid> WITH NULL PASSWORD or for all userids by the SQL GRANT LOGON ON <Logical-host id> AS DEFAULT WITH NULL PASSWORD.
While Database userids must be defined with a password, the password is ignored when TDP has authenticated the Database userid. Since it is ignored, an expired password will not prevent a logon when TDP has authenticated the Database userid, though it will prevent a logon when TDP has not authenticated that userid, since the password is used.
3 If the logon request is accepted, TDPLGUX sends a return code of zero.
If the logon request is rejected, TDPLGUX sends a nonzero return code and the violation is reported to the security exit.
For an example of coding TDPLGUX, refer to the sample TDPLGUX that is shipped with TDP.
The parameter list is described by the TDPLGPRM macro, which is distributed with the product.